COMMONWEALTH OF VIRGINIA - Eva.virginia.gov

More documents

Recommendations

Info

eVA Electronic Procurement System Security Standards Department of General Services / Division of Purchases and Supply Date: May 1, 2013 GENRERAL RESPONSIBILITES Department of General Services / Division of Purchases and Supply (DGS/DPS) The Department of General Services /Division of Purchases and Supply is responsible for ensuring the eVA policy and standards are maintained and enforced. Division of Purchases and Supply (DPS) Account Executive The Division of Purchases and Supply staff member assigned to the entity to assist them in effectively using and configuring eVA. This staff member shall also be responsible for coordinating Security Access training with the Global eVA Security Officer. form. The Entity eVA Security Officer is responsible for ensuring Entity Personnel identified in this standard are trained and are aware of their responsibilities to comply with these standards. The Entity eVA Security Officer shall perform the user access review quarterly and annually. Entity Procurement Director The Entity Procurement Director shall be responsible for authorizing access to eVA. The procurement director shall notify the Entity eVA Security Officer and the DPS Account Executive in writing of any Entity eVA Lead that is also approved to authorize access to eVA by submitting the “COVA Entity eVA Designation Form” (Refer to Appendix C.) Entity Administrative Head Entity eVA Security Management and business continuity planning for entity purchasing is the responsibility of the Entity Administrative Head. Each Entity Administrative Head will designate, in writing, primary and backup Entity eVA Security Officer(s) for his/her organization by submitting the “COVA Entity eVA Designation Form” (Refer to Appendix C.) Entity eVA Lead Responsible for the entity’s day to day eVA functions including working with the Entity eVA Security Officer and the DPS Account Executive to ensure proper agency setup and user access is maintained. Entity eVA Security Officer The Entity eVA Security Officer shall be responsible for ensuring all entity eVA users have signed the eVA Acceptable Use Acknowledgement and maintain a copy either electronically or in hard copy Page 6 Global eVA Security Management Global eVA Security Management is the responsibility of DGS. The DGS Director shall designate the Global eVA Security Officer based on the recommendation of the DPS Director and the Director of DGS Information Systems and Services. Global eVA Security Officer The Global eVA Security Officer is responsible for administering, monitoring and facilitating the eVA Security program in compliance with the eVA Security Policy and Standards. This position will also be responsible for developing and maintaining the procedures necessary for the execution of the eVA Security Policy and Standards. These procedures must be reviewed and approved by the DPS Director or designee. The Global eVA Security Officer will create, update, or deactivate any user account at the request of the Entity eVA Security Officer, the Entity Administrative Head,
eVA Electronic Procurement System Security Standards Department of General Services / Division of Purchases and Supply Date: May 1, 2013 or Designee where the request cannot be performed by the Entity or the DPS Account Executive. The Global eVA Security Officer is empowered to take or authorize appropriate actions deemed necessary to protect COVA from fraud, misuse, or abuse. Actions taken to prevent or respond to incidents including: fraud, waste, or abuse shall be reported to the DPS Director or designee and the Director of DGS Information Systems and Services, who will review the action within ten (10) workdays. The DPS Director or designee shall approve the action or direct access to be reestablished with or without conditions. Global eVA Technical Lead The Global eVA Technical Lead is empowered to take or authorize appropriate actions deemed necessary to protect COVA from security incidents. For occurrences of intrusion reported by service provider, the DGS Information Security Officer will also be notified Service Provider Administrator (CGI) Overall security to protect eVA is the responsibility of CGI. Examples of their responsibilities include providing: Technical training materials to the Global eVA Security Officer. A technical security architecture that secures telecommunications, data and systems interoperability. Physical security for the service offering hardware, software, and data as well as personnel security. Threat detection, incident handling, and monitoring and controlling of systems activities as required, detecting security violations and maintaining audit trails of security administration activities and/or system administration access to the eVA service offering. For establishment of an incident response team charged with responding to misuse, abuse, or unauthorized access of eVA. The Global eVA Security Officer shall be a member of this response team and shall follow all directives of the designated response team leader. For monitoring of the eVA solution, responding to incidents, and informing the Global eVA Security Officer of any intrusions or attacks that penetrate eVA firewalls or violations of eVA or CGI-AMS security standards. For business continuity of eVA. Page 7
Page 1 and 2: COMMONWEALTH OF VIRGINIA eVA Electr
Page 3 and 4: eVA Electronic Procurement System S
Page 5: eVA Electronic Procurement System S
Page 29: eVA Electronic Procurement System S

COMMONWEALTH OF VIRGINIA - Eva.virginia.gov

Create successful ePaper yourself

Delete template?

Save as template?